October marks the beginning of National Cybersecurity Awareness Month, the goal of which is to encourage the public and industry to appreciate the importance of cybersecurity and remain constantly vigilant when it comes to the technology we rely on every day – including medical devices.
As technology continues to connect, transform and evolve at a rapid pace, cybersecurity threats are never far behind. Medical devices have become increasingly interconnected through wired and wireless connections, providing significant benefits to patients, health care providers, and health care institutions. But interconnected devices can be more vulnerable to cybersecurity threats, which could potentially impact patient safety. The FDA takes medical device cybersecurity very seriously, and we are committed to our mission of mitigating the risks cybersecurity vulnerabilities can pose to patient safety and the public health, without decreasing the benefits of interconnected medical devices.
The FDA works with industry to identify cybersecurity issues that manufacturers should consider in the design and development of their medical devices. But, medical device cyber safety is a large and shared responsibility that requires diligence from all stakeholders, including: medical device manufacturers, government agencies, health care organizations, health care professionals, cybersecurity researchers, and medical device users. The FDA works with several public and private organizations including the Department of Health and Human Services, the National Health Information Sharing and Analysis Center (NH-ISAC), and the Medical Device Innovation, Safety, and Security Consortium (MDISS), and the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). These partnering efforts serve to raise awareness of medical device safety and cybersecurity in health care and public health, and also to foster collaboration, information sharing, and coordinated vulnerability disclosure policies and practices.
The FDA reminds everyone to remain aware, vigilant, and committed each day to employing cybersecurity best practices and good cyber hygiene. Although we will constantly find new gaps and face new challenges in medical device cybersecurity, we must remain committed to working together to protect public health.
For more information about National Cybersecurity Awareness Month, including tips on cyber safety, visit DHS' Stop.Think.Connect. Campaign website. You can also find more information about medical device cybersecurity by visiting the Center for Devices and Radiological Health website.
If you have any questions regarding cybersecurity and medical devices, please contact CDRH's Division of Industry and Consumer Education (DICE) at [email protected], or via phone at 1-800-638-2041, or 301-796-7100.